When experts analyzed the Wyden-Paul Section 702 reform bill, they noticed language suggesting Wyden was concerned about the government using the secrecy of FISA Court proceedings to demand technical assistance from providers that it otherwise could not get.
Wyden's bill makes it clear he's concerned that the authorities will make technical demands before telling the FISA Court they are doing so. His bill would explicitly require the court to evaluate any technical demands.
“LIMITATIONS – The Attorney General or the Director of National Intelligence may not ask for help from a digital communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the help sought is essential; is narrowly tailored to the surveillance at issue; and wouldn't pose an undue burden on the electronic communication service provider or its customers that are not a planned goal of the surveillance. (B) A digital communication service provider is not obligated to comply with a directive to offer assistance under this paragraph unless such support is in a manner or method that has been explicitly approved by the Court; and the Court issues an order, which has been sent to the supplier, explicitly describing the assistance to be furnished by the supplier that has been accepted by the Court.”
The most obvious such application would entail asking Apple to back door its iPhone encryption.
National Security Requests To Apple Doubled Under FISA
As a reminder, national security requests to Apple doubled in the second half of this past year.
The number of national security orders issued to Apple from US law enforcement doubled to approximately 6,000 in the second half of 2016, compared with the first half of the year, Apple disclosed in its biannual transparency report. Those requests comprised orders received under the Foreign Intelligence Surveillance Act, as well as national security letters, the latter of which are issued by the FBI and do not require a judge's sign-off.
We would expect such a jump if the government were making a slew of new requests of Apple related to breaking encryption on their phones.
It leaves in place present statutory authority to compel companies to provide assistance, possibly opening the door to government-mandated de-encryption without FISA Court oversight.
One more point to make clear: for “individual” cases, the court will look at each separately, which will involve a review of what types of access the government will get.
But under 702, the “assistance” language that the authorities could use to mandate back doors isn't tied to the courts. Annual certifications must confirm to the demands of domestic provider assistance (but do not ask for a description of exactly what that aid involves).
“Authority: Depending on an acquisition authorized under subsection, the Attorney General and the Director of National Intelligence may direct, in writing, an electronic communication service provider to immediately provide the Government with all information, facilities, or assistance necessary to accomplish the acquisition in a manner that will protect the secrecy of the acquisition and produce a minimum of interference with the services that such electronic communication service provider is supplying to the goal of the acquisition; and (B) maintain under security procedures approved by the Attorney General and the Director of National Intelligence any records concerning the acquisition or the aid furnished that such electronic communication service provider wishes to maintain.”
That's why the danger is that much greater for 702: because the court is never going to review the individual directives (unless a provider is permitted to challenge those directives).